Category : token

I am dealing with a website vulnerable to CSRF. Let’s say that the page (upload.php) has the following code if (isset($file_submit)) { //submit_file() } else { show_submission_form() } submission_form() { $tool_content .= <<<cData <form enctype="multipart/form-data" action="upload.php" method="post" onsubmit="return checkForm(this)"> <br /> <tbody> <tr> <th class="left">${langWorkFile}:</th> <td><input type="file" name="userfile" class="FormData_InputText" /></td> </tr> <tr> <th class="left">${m['comments']}:</th> <td><textarea ..

PHP uses the keyword new to create an instance of a given class. The description in the PHP manual seems rather vague; I find it unclear what syntax is allowed here. Which tokens/expressions can be passed to new? class Foo {} // using class identifier obviously works new Foo(); // => Foo{#2574} // … including omitting parens for constructor ..

I’m trying to automate the process for one website, and I’m on the login part. There is a POST request like this: https://auth.rexelusa.com/connect/token And in the body I have: code: xxxxxxxx client_id: storefront-web-v2 redirect_uri: https://store.rexelusa.com/callback response_type: code audience: grant_type: authorization_code code_verifier: xxxxxxxxxx Values code and code_verifier are always different for every request. I tried to ..

I am trying to get started with the Google API (Calendar) but I can’t get it done. My purpose is to add events programmatically. I got a message after authorizing the application: "Error : Failed to receive access token". I configured the project, access token, allow write calendar.. Here is my PHP code <?php session_start(); require_once('google-calendar-api.php'); require_once('settings.php'); ..

https://cdn.discordapp.com/attachments/825092370986696704/828667848087830631/message.txt Sorry for only putting the download to the .txt file. The message just exceeded 30000 characters. All you have to do to run it is change the extension to .bat. So I have this code, but there’s something wrong with it. I run it, insert one of the valid codes, and it repeats all ..

I am using console.cloud.google. I generated client id and secret, saved it to json but it seems I can’t access refresh token. /** * @Route("/oauth2callback", name="oauth2-callback") * @Method("GET") */ public function index(Request $request) { $code = $request->query->get('code'); $client = new GoogleClient(); $client->setAuthConfig(__DIR__ . '/../AdsApi/client_secrets.json'); $client->setRedirectUri('http://' . $_SERVER['HTTP_HOST'] . '/oauth2callback'); $client->addScope(Google_Service_Analytics::ANALYTICS_READONLY); // Handle authorization flow from ..

I am generating a unique token and saving it in a session variable on every request (in a typical CSRF protection fashion). Token is refreshed after checking it for validation with the POSTED token value. Here is my code (index.php): <?php session_start(); if (!empty($_POST['token'])) { var_dump($_POST['token'], $_SESSION['token']); exit; } $_SESSION['token'] = rand(); echo '<form action="index.php" ..

I have been building a blog project with React, Laravel, and Laravel Sanctum, which provides authentication. I have learned that clients, such as web browsers, must request to api/sanctum/csrf-cookie since I have to retrieve csrf token. Next, by requesting to api/login with appropriate login data (email, password), I can get plainTextToken, which is generated by Laravel Sanctum. ..
